  look, I get why y’all like the “supply chain” rhetoric, it helps you continue pretending that software security can be solved through capitalistic means here’s the thing: I’ve run a manufacturing business before. I’m getting a second one going. Supply Chains are defined by an exchange of money for goods, with value-add steps in between. That’s it Where’s the money, Lebowski? Software packaging security is a social trust problem, which can’t actually be “solved” in a capitalist framework congrats everyone, you’ve convinced me that github is as harmful to free software efforts as discord, surprising even me Github has created and captured an enormous amount of value for themselves on the backs of other people’s labor, and once you see this it’s hard to look at the “software supply chain” thing and not see it as an attempt to protect their assets  @mattly yeah 😞 But it's hard to do anything about that due to network effects. Assuming you want other people to contribute to a project the site basically enlisted everyone who used it into helping it become critical societal infrastructure, in the same way that Amber Alerts now include t.co links to x dot com accounts that require you to be signed in in order to read and it was us who helped it get there, simply by participating  @mattly they got bought by Microsoft which basically bought OpenAI (although that's not what their PR want us to believe). MS also bought LinkedIn and gave and is now the default search engine for DuckDuckGo. you see where they are going given their "investment" in OpenAI. Like, I know this is a dumb petulant Persistent Drive for Autonomy thing but at the same time, just because I have a commit in homebrew from like eight years ago doesn’t mean I’m your fucking supplier  I saw those words sometime back and yeah, modulo inertia and others' requirements, there's nothing valuable or interesting of mine on Github anymore. congrats everyone, you’ve convinced me that github is as harmful to free software efforts as discord, surprising even me Github has created and captured an enormous amount of value for themselves on the backs of other people’s labor, and once you see this it’s hard to look at the “software supply chain” thing and not see it as an attempt to protect their assets Github is telling me that because of my role in “the software supply chain” I am no longer allowed to disable 2FA on my account and quite frankly there’s nothing else you could have said that would have given me a greater desire to remove 2FA from my GitHub account
Show previous comments
@mattly The stakes are higher now after incidents like xz; we all need to do what we can to support a safe environment. I feel like there's an analogy to vaccines here that may be worth considering: a relatively minor thing for the greater good.  @mattly I got this too, so I don't think they're being real picky about the, uh, contributions. Pre-sleep thought: naming things in programming is difficult because names in code (and, in general) carve out the negative space. They exist to differentiate a term from that which it *is not*. Choosing a good name means not just understanding the thing to be named, but also the systems around it that are differentiated from it. A good name is only good with respect to the context it appears in.
Show previous comments
 @druskus Today in no one should JSON for anything. Seriously, it'd do the *exact* same thing.    @redoak this toot is hilarious because mushrooms have caps so in this scenario you might be one as well ... oh, that was probably intentional putting 'before:2022' into all of my web searches like a wanderer of a wasteland attempting to find relics of a forgotten time before the Great Plague  @AmyZenunim@unstable.systems ive actually found blog posts and honest to god forums by putting before:2018. its always such a shock If it takes 10,000 hours to achieve expertise in a skill, you can cut that down to 20,000 hours with the help of AI.
Show previous comments
 @chockenberry The number of replies that read that post the way they expected instead of what you actually wrote 😂 @chockenberry this has an epic double meaning:  seeing pushback against procedural generation as a result of alleged "AI" and that's really fucking sad good procedural generation is hard. good procedural generation is bespoke and intentional. good procedural generation is artistic and creative. please don't lump it in with the slop generated through machine learning 😞 EDIT: procgen is not AI, it's a 40+ year old game design technique, see: https://peoplemaking.games/@eniko/113158903401769257
Show previous comments
  Not just gaming, I think it's emergent behaviour of computing generally. We were doing it 40 years ago to generate bulk test data for systems because using production data was out of the question, that security/privacy thing.  Imagine walking up to someone 70 years ago to inform them that their consumption of a hamburger makes it more likely that Bangladesh will flood.  "The root cause of the huge market for fake Italian olive oil is fake Italian pensioners" is just so incredible, the world needs some sort of Evil James Burke to get on top of this, Connections but for organized crime.
Show previous comments
  @mhoye (kinda OT) I do like olive oil, so I hope it's no worse than other oils. In the US (and Canada?) don't buy non-specialty EU olive oil, it isn't their best. California (and south America, somewhat) generally produce a better quality every-day EVO than the EU exports to NA. EU reserves their best for domestic distribution; they have standards for "extra virgin" and we don't, so their best goes to EU distribution . Unreasonably fond of the realization that the “Mediterranean diet” fad is a random second- or third-order byproduct of pension fraud. I feel like there’s some sort of higher-level behavioural insight here, about how quickly people will latch on to things that give them any sense of agency over themselves, whatever the basis.
Show previous comments
 @mhoye “If they don’t acknowledge their errors in my lifetime, I guess I’ll just get someone to pretend I’m still alive until that changes.”  I don't think people do latch on to agency in that way. It's more an illustration of the idea that if people hear something seven times they believe it After all, over 50% of heart attacks are now caused by covid. That beats the supposed 30% reduction from the Mediterranean diet. But you don't see many people running around with n95s on  AI is \*not\* just a tool. It is a pea and thimble game in which a few, very rich people steal our entire cultural and intellectual history, and use it in a way that forever depletes it. It is a way of enclosing the commons. And it's taking us all, the demos, too long to get our collective heads around it because, like the climate, it is so strange to think of it being steal-able that the idea doesn't stick, it doesn't have language to describe and discuss it. 1/3 #AI
Show previous comments
 @lindawoodrow yes, AI could be the biggest land grab in history. Big tech is like a data-hungry Pacman. Nom nom nom nom... But it's OK, you can rent your knowledge back from them.  @lindawoodrow your post has helped me see that it has the same dynamics as this metaphor 👉 https://mastodon.social/@urlyman/113107865455294213 What Ted Chiang last year characterised as the “blurry JPEG of the web” problem is just a subset of the *ever-thinning gruel for dinner* problem 😞 @lindawoodrow I strongly agree. There are various analyses of this in the literature. The one which resonates most strongly for me is ‘technofeudelism’ (Yanis Varafoukis), worth a read. Anti-homeless architecture is anti-everyone architecture. When you are out in public space, you also do not have a home. You just make do with what seating and rest areas are available to everyone else as well.
Show previous comments
  @bbhorne but if you are sitting down, how can you be a productive consumer? Time spent sitting is time spent not-consuming  Two things we've learned over time: 1. Don't concentrate poverty. We knew this all along but the racists in Congress said we could only build things like Cabrini-Green and Pruitt-Igoe. 2. If you're going to build hangars, start with runways. If people end up in public housing, make sure they can get to education and jobs and food. There's lots more, but....  rust has a lot of problems, but let me tell you: “micro libraries” isn’t one splitting packages per concern is good for build performance, it’s good for review, it’s good for API evolution. the problems are technical (compiler perf), financial (funding OSS), human etc. @fasterthanlime It does seem to be that the people most eager to claim that modular dependency trees are a problem are those that primarily use languages that aggressively resist modularity. I wonder what that could mean? |
Gregory's Server
@mattly I agree with what you said, but after boosting it, decided that I want to do a little "Yes, and...".
As in, yes, and as long as we live in a capitalistic society, for people to be able to be trustworthy, they need to be able to eat. Thus I see why some people are trying to solve the money issue - but github forcing 2FA is not really helping with the money, so ehh.
@mattly that, exactly. Thank you saying it
@mattly yeah. glad to hear you got there! we do see a lot of reason to be hopeful that people are moving towards consensus that this corporate enclosure stuff really is a problem.